[Openswan Users] dhcp over ipsec

Radu Brumariu radu at cs.kent.edu
Tue May 18 14:08:02 CEST 2004


Hi,

I have tried from my computer at home, and I get this error in the logs:

 cannot respond to IPsec SA request because no connection is known for
0.0.0.0/0===131.123.35.3[C=US, ST=Ohio, L=Kent, O=KSU, OU=Computer Science,
CN=ipsec.cs.kent.edu, E=radu at cs.kent.edu]:17/0...24.223.166.109[C=US,
ST=Ohio, L=Kent, O=KSU, OU=Computer Science, CN=radu at cs.kent.edu,
E=radu at cs.kent.edu]:17/0===131.123.35.157/32

Am I specifying the wrong subnet? I have rightsubnetwitin=131.123.35.0/24
131.123.35.157 is surely in 131.123.35.0/24 ... isn't it?

In this scenario, the RW has a 192.162.1.x IP and is successfully pulling a
DHCP address; however, the real IPSec connection is not initialized ...

Thanks,
Radu

----- Original Message ----- 
From: "John A. Sullivan III" <john.sullivan at nexusmgmt.com>
To: "Radu Brumariu" <radu at cs.kent.edu>
Cc: <users at lists.openswan.org>
Sent: Tuesday, May 18, 2004 10:43 AM
Subject: Re: [Openswan Users] dhcp over ipsec


> Assuming that you have some other network on the other side of your
> gateway, you could try something like:
>
> ( RW w/ routable IP - e.g. 131.123.35.179 ... ) ---------------
> 131.123.35.3(VPN GW)192.168.100.1  ---------- (DHCP srv giving
> 192.168.100.155-159 -
>
>
> On Tue, 2004-05-18 at 06:36, Radu Brumariu wrote:
> > Well, I just wanted to test it out from the perspective of a machine
> > with a regular IP.
> > I will try it from an outside network ... see what that does. I used
> > that IP since it's easy for me to test, having the machines easily
> > accessible ... Anyhow, I will try that and let you know how that goes.
> >
> > Thanks,
> > Radu
> >
> > >>
> > >>There may be something really easy that I am doing wrong, but please advise.
> > >>
> > >>
> > ><snip>
> > >Now I really am confused :-)
> > >So you are having the DHCP server assign addresses that are on the same
> > >network as the originating address and you are trying to establish a
> > >tunnel through a routing gateway but to communicate on the same subnet?
> > >
> > >If so, that sounds like trouble from a fundamental routing perspective.
> > >
> > >Where does the 192.168.1.100 fit into the picture?
> > >
> > >
> -- 
> John A. Sullivan III
> Chief Technology Officer
> Nexus Management
> +1 207-985-7880
> john.sullivan at nexusmgmt.com
>
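
An added example, not part of the original messages: a parser for the "no connection is known for" line quoted in the post, which splits the rejected request into its two ends and checks the requested client subnet against a given range. It assumes the layout client===host[id]:proto/port...host[id]:proto/port===client; the log string is rejoined from the post with the certificate DNs shortened, and `parse_request` and `requested_client_within` are hypothetical helper names.

```python
import ipaddress
import re

# Log line from the post, rejoined onto one line; certificate DNs shortened (constructed).
LOG = ("cannot respond to IPsec SA request because no connection is known for "
       "0.0.0.0/0===131.123.35.3[CN=ipsec.cs.kent.edu]:17/0..."
       "24.223.166.109[CN=radu at cs.kent.edu]:17/0===131.123.35.157/32")

# Assumed layout of one end: host[id]:proto/port, with an optional client subnet
# attached by "===" on the outer side; the two ends are joined by "...".
END = (r"(?P<{p}host>[0-9.]+)(?:\[(?P<{p}id>[^\]]*)\])?"
       r":(?P<{p}proto>\d+)/(?P<{p}port>\d+)")
PATTERN = re.compile(
    r"no connection is known for\s+"
    r"(?:(?P<a_client>[0-9./]+)===)?" + END.format(p="a_")
    + r"\.\.\." + END.format(p="b_")
    + r"(?:===(?P<b_client>[0-9./]+))?")


def parse_request(line):
    """Split the rejected request into its two ends, in the order written."""
    m = PATTERN.search(line)
    if m is None:
        raise ValueError("not a 'no connection is known for' line")
    g = m.groupdict()

    def end(p):
        host = ipaddress.ip_address(g[p + "host"])
        # Assumption: without a "===" part the client is the host itself.
        client = ipaddress.ip_network(g[p + "client"] or f"{host}/32")
        return {"host": host, "id": g[p + "id"], "client": client,
                "proto": int(g[p + "proto"]), "port": int(g[p + "port"])}

    return {"first": end("a_"), "second": end("b_")}


def requested_client_within(line, within):
    """True if the second end's client subnet lies inside `within`."""
    client = parse_request(line)["second"]["client"]
    return client.subnet_of(ipaddress.ip_network(within))


if __name__ == "__main__":
    for name, e in parse_request(LOG).items():
        print(name, e["host"], e["client"], f"proto {e['proto']} port {e['port']}")
    print("within 131.123.35.0/24:", requested_client_within(LOG, "131.123.35.0/24"))
```

Besides the subnet comparison, the parsed fields expose the other selectors a connection definition has to match: the first end's client subnet, both IDs, and the protocol/port pair on each end.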


